Accessing ACPI SLIC From UEFI Shell

Those who follow my work in the UEFI Shell space are aware that I usually develop a number of new, and hopefully useful, UEFI shell utilities each year. This year, I plan to write three or four new utilities and enhance a number of existing utilities. This is the first of these new utilities.

In this post, I describe the ShowSLIC utility. It is the first of my new utilities and came about from license and booting issues caused by a disk failure on a friend’s laptop that was running Windows 7.

ShowSLIC is designed to enable you to retrieve SLIC (System License Internal Certificate) information from a UEFI-based Microsoft Windows PC or laptop. Such information is accessible (exposed) via the ACPI (Advanced Configuration and Power Interface) SLIP table.

Some history first. Licensing was easy to bypass (defeat) in Windows XP and earlier versions of Microsoft Windows. Windows Vista was the first version of Microsoft Windows whose royalty OEM licensing mechanism was harder to defeat. Basically, the BIOS was modified by an OEM to contain specific licensing information. This information was exposed to the operating system via the ACPI SLIC table.

When Windows Vista was installed by a royalty OEM, it would be given certificate files with appropriate OEM information and public keys. The certificates themselves were signed by a Microsoft private key to resist tampering. The Royalty OEM process was triggered by use of a generic OEM serial number (product key), common to all computers sold by a particular OEM. When the product key was entered, the system firmware was checked for a SLIC table, and the contents compared to any and all OEM certificates that had been loaded by Windows. If a SLIC table was present, and matched a valid OEM certificate, Windows Vista was offline activated.

The problem with this activation mechanism was that a royalty OEM generally had one key for each major version of Windows Vista (Home, Professional, etc), and you could change versions of Windows Vista by simply using a different OEM key.

Windows 7 OEM activation was exactly the same as for Windows Vista, just the certificate version was increased from SLIC 2.0 to SLIC 2.1. Windows 8 and Windows 8.1 could also use SLIC activation but the version of SLIC was rev’ed to SLIC 3.0.

Windows 8 was also the first version of Microsoft Windows to use a new royalty OEM licensing mechanism based on an ACPI table called MSDM. This table contains a hardware hash that matches the machine it is installed on, along with a full OEM Windows key, which is specific to the machine it is installed on. Activation via a generic OEM product key is no longer used, instead each OEM computer requires a unique activation product key. By the way, my ShowMSDM utility can be used to retrieve full MSDM information from the UEFI shell.

SLIC should not be confused with SLP (System Locked Pre-installation), which was a entirely different mechanism used by the major computer manufacturers to pre-activate Microsoft Windows computers before distribution. See this Wikipedia article for more information.

There is nothing unusual in the above code so I will not go into details about each function. It was designed to be built using the UDK2017 snapshot of TianoCore EDK2.

Note that I have switched all UEFI utilities that I maintain from GNU-EFI or UDK2015 and GCC to UDK2017 and LLVM Clang. Note also that I no longer use utility version numbers such as “1.0” or “1.1”. Now I use a date string of the form “YYYYMMDD”.

Note that OEMID and OEMTableID are not just exposed in the SLIC table. In fact, they are exposed in all system ACPI table headers except FACS and are considered the identifier of a category of physical computers. However, they play an important role in SLIC-based license activation as they are part of the Windows Marker section of a SLIC table.

Finally, I do not know how to extract information from the signature field of the Windows Marker section of the SLIC table. I do know that it is some sort of digital certificate generated by the appropriate version (in this case 2.1) of the Microsoft OATool (OEM Activation Tool).